oCIS Configuration, Fullstack Mode Services, and Environment Variables

enable = true; configDir = "/etc/ocis/config"; }; } ``` This will start the oCIS server and make it available at `https://localhost:9200` However to make this configuration work you will need generate a configuration. You can do this with: ```console $ nix-shell -p ocis_5-bin $ mkdir scratch/ $ cd scratch/ $ ocis init --config-path . --admin-password "changeme" ``` You may need to pass `--insecure true` or provide the `OCIS_INSECURE = true;` to [`services.ocis.environment`][mod-envFile], if TLS certificates are generated and managed externally (e.g. if you are using oCIS behind reverse proxy). If you want to manage the config file in your nix configuration, then it is encouraged to use a secrets manager like sops-nix or agenix. Be careful not to write files containing secrets to the globally readable nix store. Please note that current NixOS module for oCIS is configured to run in `fullstack` mode, which starts all the services for owncloud on single instance. This will start multiple ocis services and listen on multiple other ports. Current known services and their ports are as below: | Service | Group | Port | |--------------------|---------|-------| | gateway | api | 9142 | | sharing | api | 9150 | | app-registry | api | 9242 | | ocdav | web | 45023 | | auth-machine | api | 9166 | | storage-system | api | 9215 | | webdav | web | 9115 | | webfinger | web | 46871 | | storage-system | web | 9216 | | web | web | 9100 | | eventhistory | api | 33177 | | ocs | web | 9110 | | storage-publiclink | api | 9178 | | settings | web | 9190 | | ocm | api | 9282 | | settings | api | 9191 | | ocm | web | 9280 | | app-provider | api | 9164 | | storage-users | api | 9157 | | auth-service | api | 9199 | | thumbnails | web | 9186 | | thumbnails | api | 9185 | | storage-shares | api | 9154 | | sse | sse | 46833 | | userlog | userlog | 45363 | | search | api | 9220 | | proxy | web | 9200 | | idp | web | 9130 | | frontend | web | 9140 | | groups | api | 9160 | | graph | graph | 9120 | | users | api | 9144 | | auth-basic | api | 9146 | ## Configuration via environment variables You can also eschew the config file entirely and pass everything to oCIS via environment variables. For this make use of [`services.ocis.environment`][mod-env] for non-sensitive values, and [`services.ocis.environmentFile`][mod-envFile] for sensitive values. Configuration in [`services.ocis.environment`][mod-env] overrides those from [`services.ocis.environmentFile`][mod-envFile] and will have highest precedence

This chunk details the configuration process for ownCloud Infinite Scale (oCIS), explaining how to generate an initial configuration using `nix-shell` and `ocis init`. It highlights the need to consider `--insecure true` or `OCIS_INSECURE = true` if TLS certificates are externally managed, such as behind a reverse proxy. For sensitive configuration data, it strongly recommends using secret managers like sops-nix or agenix to avoid writing secrets to the globally readable Nix store. The document notes that the current NixOS module for oCIS operates in `fullstack` mode, which starts numerous services, each listening on specific ports, and provides a comprehensive table of these services and their respective ports. Finally, it presents an alternative configuration method using environment variables via `services.ocis.environment` for non-sensitive values and `services.ocis.environmentFile` for sensitive ones, emphasizing that `services.ocis.environment` takes precedence.